udev script can't resolve host name

[sietse@xxxxxxxxx (Sietse van Zanen)]

Jonathan,


Yes that is exactly the case. Look inside he unit filre, systemd-udevd.service. It contains lines like:

PrivateMounts=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
SystemCallFilter=@system-service @module @raw-io
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native
LockPersonality=yes

I think the SystemCallFilter is your culplrit here. Removing it will probably make your script work, but it may also remove important protection.


-Sietse


________________________________
From: systemd-devel <systemd-devel-bounces@xxxxxxxxxxxxxxxxxxxxx> on behalf of Jonathan Kamens <jik@xxxxxxxxx>
Sent: Wednesday, August 15, 2018 10:31
To: systemd-devel at lists.freedesktop.org
Subject: udev script can't resolve host name


Hi,

If I understand correctly, this mailing list can be used for questions about udev as well as about systemd. If that's not correct, somebody please let me know and I will go elsewhere (and if you know where that "elsewhere" should be, please let me know, that would be helpful!); I don't mean to use the list incorrectly.

I want to call a webhook inside a script run via a RUN directive in a udev rule.

When I try to do this, curl says it's unable to resolve the host name of the URL I am asking it to fetch.

To collect more data about the cause of this issue, I also tried doing a "ping -c 1 8.8.8.8" inside the script, and it gets, "sendmsg: Operation not permitted."

I assume this means udev scripts are running inside some sort of restricted environment or something, but I can't figure out what controls the restrictions on that environment, whether I can loosen them, or how.

I'm on Ubuntu 18.04.

Any advice?

Thank you,

Jonathan Kamens